[openssh-commits] [openssh] 01/02: upstream commit
git+noreply at mindrot.org
Wed Jan 4 13:23:13 AEDT 2017
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit c7995f296b9222df2846f56ecf61e5ae13d7a53d
Author: djm at openbsd.org <djm at openbsd.org>
Date: Tue Jan 3 05:46:51 2017 +0000
upstream commit
check number of entries in SSH2_FXP_NAME response; avoids
unreachable overflow later. Reported by Jann Horn
Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f
---
sftp-client.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sftp-client.c b/sftp-client.c
index e65c15c..d47be0e 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.c,v 1.125 2016/09/12 01:22:38 deraadt Exp $ */
+/* $OpenBSD: sftp-client.c,v 1.126 2017/01/03 05:46:51 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm at openbsd.org>
*
@@ -587,6 +587,8 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
if ((r = sshbuf_get_u32(msg, &count)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ if (count > SSHBUF_SIZE_MAX)
+ fatal("%s: nonsensical number of entries", __func__);
if (count == 0)
break;
debug3("Received %d SSH2_FXP_NAME responses", count);
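Review bot: The added test `count > SSHBUF_SIZE_MAX` compares a number of entries against a constant whose name says it is a buffer size limit, so a one-line comment explaining why that constant is the right ceiling for an entry count would help the next reader; the commit message mentions a later overflow, but the code does not say which computation the bound protects. The fatal() text could also carry the received value, for example "nonsensical number of entries: %u", so that a misbehaving server can be diagnosed from the log. In the context line below the check, debug3() prints `count` with %d although it was read with sshbuf_get_u32(); %u would match the type.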